Tootfinder

Opt-in global Mastodon full text search. Join the index!

@zachleat@zachleat.com
2026-05-12 14:17:05

A follow up here on action items (assuming you’re already using trusted publishers OIDC to scope releases to a single GitHub Action workflow):
1. Look for any `pull_request_target` GitHub Actions workflows! (this allows external forks/code to run your actions with write access ☠️☠️☠️☠️☠️)
2. Look for use of `cache` in your GitHub Actions release workflow (cache was poisoned/compromised by `pull_request_target` trigger)
Learn more about `pull_request_target`:

@Techmeme@techhub.social
2026-05-04 19:05:46

Former Trump and Biden AI advisers Dean Ball and Ben Buchanan urge bipartisan action on AI security risks, including tighter export controls and safety audits (New York Times)
nytimes.com/2026/05/04/opinion

Republicans block war powers resolution again
after Democrats grill Hegseth on Trump’s ‘unauthorized war’ in Iran
Republican senators blocked a sixth attempt to limit US military action in Iran
Democrats criticize Trump’s defense secretary and "strategy" in the Middle East

@cdp1337@social.bitsnbytes.dev
2026-04-27 10:04:39

The font and colors are subject to change, (though I'm kind of digging the dark blue), but the next portion of the Warlock project is coming together! This will serve as the public documentation and information site for the project, for folks not wanting to solely use Github. Still a lot of work to do, but making good progress on it.
OH, and the screenshot is being generated by the following "code"

::: section .showcase
::: .blocks-2
::: .block

# Warlock Ne…
Screenshot from a website showing two columns; about text on the left with call to action buttons and a showcase image on the right.  Will serve as a baseline for an upcoming site I'm working on.
@Techmeme@techhub.social
2026-07-02 11:06:19

Filings: President Trump purchased up to $5M each in Broadcom, Meta, Amazon, Apple, Microsoft, and Nvidia stocks on July 23, the same day as his AI action plan (New York Times)
nytimes.com/2026/07/01/us/pol…

After a security researcher published a series of unpatched bugs in Microsoft products, along with code to exploit them,
the company is now threatening to take legal action and call the cops on them.
Microsoft’s threat reignites a long-running argument over what responsibility, if any, security researchers have to disclose vulnerabilities affecting large and wealthy tech giants.
On Wednesday, Microsoft published a blog post criticizing the researcher, who goes by the handl…